A new report from the Software Assurance Forum for Excellence in Code (SAFECode) sheds new light on how vendors are trying to work more secure coding into the product development process.
The vendors contributing to the report are SAFECode members who have enjoyed some success in reducing the frequency of attacks against its technology, including EMC Corp., Juniper Networks, SAP and Microsoft. But the organization also includes companies that continue to have an uphill climb, most notably Adobe Systems.

Despite its efforts to write more ironclad software, Adobe has taken heavy criticism for the number of vulnerabilities attackers have been able to exploit. In a recent interview with CSO, Adobe security chief Brad Arkin admitted the company has a lot of work to do, but that part of the problem is the wide attack surface that comes with a technology almost everyone uses.

In an interview with CSO last week, SAFECode Executive Director Paul Kurtz acknowledged that 100 percent secure code may be impossible to achieve, and that companies will always deal with some level of vulnerability. But, he said, the new report at least offers a roadmap of examples other companies can use to make their own development procedures better than they are now.